<?php

namespace App\Http\Middleware;

use App\Http\Services\UserManager;
use App\User;
use Closure;

class Permission
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next,$permissions)
    {
        /** @var User $user */
        $user = UserManager::isLogin($request,$front = 1);
        if(!$user)
            return response()->json(['level' => 'error','message' => '请先登录','data' => 'no_login']);

        if (!$user->can(explode('|', $permissions)))
            return response()->json(["level"=>"error","message"=>"无权限访问","data"=>"no_permission"]);

        return $next($request);
    }
}
